U.S. Bank is seeking a
Senior Information Security Risk and Compliance Consultant
to contribute toward the success of our information security program. The Sr. Information Security Risk and Compliance Consultant supports enterprise adherence to information security controls, policies and industry best practices by leading various initiatives to protect the confidentiality, integrity and availability of our information systems. We are seeking a self-motivated individual versed in information security controls with a minimum of 8 years of experience in information security. The candidate will have a broad understanding of security controls and can collaborate across organizations to achieve mutual goals.
Responsibilities may include but are not limited to:
· Enhance and maintain control framework.
· Develop and document security controls based on the control environment, collaborating with stakeholders in risk and compliance organizations
· Document alignment of security control framework to authoritative sources.
· Provide input and suggestions to improve security policies based on control framework to close any risk gaps identified.
· Provide security control advisory and logistical leadership.
· Partner with risk representatives across the enterprise driving activity standardization, and collaborate on joint initiatives.
· Reports and escalates issues appropriately and timely.
· Drive enhancements of the risk and control library.
The ideal candidate will have a well-rounded information security background including a strong understanding of IT risk management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI). The candidate additionally will have or exhibit the following:
· Skilled in leading and coordinating work efforts of other team members to meet tactical and strategic goals.
· Experience with program management and measurement through development and implementation of process efficiency and effectiveness measurements.
· Ability to analyze and articulate implications of compliance requirements.
· Skilled at communicating technical information to non-technical audiences and stakeholders at every level of the organization.
· Ability to build and maintain relationships across diverse technical and non-technical teams.
· Effective in communication with management and senior leadership.
· Bachelor's degree or equivalent work experience.
· Minimum of 8 years of experience in information technology and/or information security and compliance.
· Understanding of financial industry legal, regulatory and compliance requirements for information security.
· Demonstrated leadership with teams/individuals and large/complex enterprise projects.
· Proficient in MS Office tool suite including, Excel, PowerPoint, SharePoint and Visio.
· Graduate/Master's level degree in the areas of business administration, information security, computer science or information technology management.
· Experience in risk and compliance management and process development in the areas of information technology and security.
· Highly skilled in developing executive-level presentations and strategies that include process diagrams and designs.
· Industry certifications in the area of information security, project management and technology auditing including, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP.